1. POLICY

It is NASA policy to--

a. Protect the public, NASA workforce, high-value equipment and property,
and the environment from potential harm as a result of NASA activities
and operations by factoring safety as an integral feature of programs,
projects, technologies, operations, and facilities.

b. Establish and maintain independent lines of communications for
unrestricted flow of information and adjudication of dissenting opinions
concerning any matters affecting the ability to meet the safety and
mission success requirements and criteria.

c. Hold NASA leaders, managers, supervisors, and employees accountable
for safety and mission success within their assigned areas of
responsibility.

d. Define and document both safety and mission success requirements and
criteria in NASA programs and projects as a foundation for the design and
development of safe and reliable program hardware and software.

e. Require all acquisition instruments as specified by the NASA Federal
Acquisition Regulation Supplement to appropriately address SMA
processes so that the responses to these instruments describe the
approach to be used to implement SMA and to manage the associated safety
and mission success risk factors.

f. Verify and validate life-cycle implementation of the SMA processes and
any related safety and mission success requirements through ongoing
surveillance of program, project, and contractor processes.

g. Certify the safety and operational readiness of hazardous or mission
critical hardware and software (including flight systems, support
equipment, facilities/operations, ground-based systems) through a process
of formal review of the compilation of validation and verification
information.

i. Use qualitative and quantitative risk assessment techniques to develop
information for making informed decisions regarding safety and mission
success within a structured and formal decision process.

j. Process all technical decisions that result in residual safety and/or
mission success risk by obtaining:

(1) The approval/concurrence of the cognizant Technical Authority
(Engineering, SMA, or Health/Medical) with the acceptance of risk.

NOTE: The approval or concurrence is based on the technical merit of the
case and independent assessment of the risk. If the technical decision
relates to requirements owned by the Technical Authority, then the
Technical Authority approves the decision. If the technical decision
does not relate to requirements owned by the Technical Authority, then
the Technical Authority concurs with the decision. Refer to NPR 7120.5,
and to NASA-STD 8709.20, Management of Safety and Mission Assurance Technical Authority Requirements, for
definitions of approval and concurrence.

(2) Formal approval by the cognizant SMA authority that the risk is
acceptable.

NOTE: The cognizant SMA authority should not be confused with Technical
Authority. SMA authority is the authority assigned by NPD 1000.3, The
NASA Organization, to the Chief, Safety and Mission Assurance to
determine if the risk of a hazard exceeds the limits where it can be
accepted. This authority is not limited solely to hazards related to SMA
requirements but to any hazard. Application of this authority is
intended to be applied at a level consistent with the application of
Technical Authority (that is to the cognizant SMA authority).

(3) Formal consent to take any human safety risk by the actual risk
taker and an appropriate member of his/her supervisory chain.

NOTE: There are two elements to the consent to take risk. The first
element is that the risk takers themselves volunteer to take the risk.
The second element is that the appropriate member of the supervisory
chain also consents to the risk-taking. The first element focuses on the
willingness of the risk taker to volunteer while the second element
provides for a check and balance on the risk taker to alleviate
situations where a risk taker might be reluctant to decline taking
inappropriate risk.

(4) Formal acceptance of the risk by the applicable program, project, or
operations and facilities manager.

NOTE: Residual risk is the remaining risk that exists after all
mitigation actions have been implemented or exhausted in accordance
with the risk management process.

k. Report and track to resolution all corrective actions resulting from
investigations of mishaps, incidents, nonconformances, anomalies, and
safety and mission assurance audits; distribute and use
lessons learned to improve activities and operations.

l. Encourage, support and monitor programs, activities and events that strengthen and sustain a healthy safety culture at NASA.

2. APPLICABILITY

a. This directive is applicable to NASA Headquarters and NASA Centers, including Component Facilities and Technical and Service Support Centers. This directive applies to the Jet Propulsion Laboratory and other contractors only to the extent specified or referenced in the appropriate contracts.

b. In this directive, all mandatory actions (i.e., requirements) are denoted by statements containing the term "shall." The terms: "may" or "can" denote discretionary privilege or permission, "should" denotes a good practice and is recommended, but not required, "will" denotes expected outcome, and "are/is" denotes descriptive material.

c. In this directive, all document citations are assumed to be the latest version unless otherwise noted.

3. AUTHORITY

a. The National Aeronautics and Space Act, as amended 51 U.S.C. § 20113(a).

4. APPLICABLE DOCUMENTS AND FORMS

None.

5. RESPONSIBILITY

a. The Administrator is the ultimate acceptance/disposition official for
residual safety and mission success risks and the official Agency
spokesperson to consent to any exposure to residual human safety or
property risk on behalf of the general public. In this capacity, the
Administrator shall--

(1) Decide cases of formal dissent to accept residual safety and mission
success risks that are elevated to the Administrator (Requirement).

(2) Consent to the residual human safety or property risk on behalf of
the general public in cases where the consent to take the residual human
safety or property risk is not the responsibility of the Center Director
(when the risk is located at or near a NASA Center or Component Facility)
or the Range Commander (when the risk is associated with range
operations) (Requirement).

(3) Request external approval/concurrence for risks that are not within
the authority of NASA to grant (Requirement).

b. The Mission Directorate Associate Administrators are responsible for
the safety and mission success of their programs, projects, elements, and
activities.

(a) Establish safety and mission success requirements based on the
Agency-level requirements for all programs and assure these requirements
are properly flowed down into projects, elements, and activities
(Requirement).

(b) Ensure that all programs, projects, elements, and activities control
the recurrence of problems through a closed-loop corrective and
preventive action system (Requirement).

(c) Establish policies and procedures for formal reviews for the
certification of programs, projects, elements, and activities as detailed
in paragraph 1.g (Requirement).

(d) Establish and apply a process for technical decisions dealing with
residual safety and mission success risk that is consistent with the
policy statements contained within paragraph 1.j above (Requirement).

(2) Mission Directorate Associate Administrators are authorized to
direct the suspension of any activity that presents either a present
hazard (imminent danger) or future hazard to people, property, or mission
operations due to unsafe acts or conditions that might be identified by
either inspection or analysis.

c. Responsibilities for the Chief, Safety and Mission Assurance are
assigned in NPD 1000.3.

(1) In addition to those responsibilities, the Chief, Safety and Mission
Assurance shall--

(a) Provide SMA and Risk Management (RM) expectations and evaluations at
Program Management Council activities and other major program milestone
reviews (Requirement).

(c) Participate in selected certification and readiness reviews
established by the Mission Directorate Associate Administrators
(Requirement).

(d) Formulate and direct safety, reliability, maintainability, and
quality education, training, and career development programs to enable
SMA staff, program/project management, senior Agency management, and the
NASA workforce to obtain the understanding of safety, reliability,
maintainability, and quality principles, tools, methods, and standards
necessary to successfully perform their functions (Requirement).

(e) Review emergency planning as part of the Office of Safety and Mission
Assurance review processes to ensure compliance with the Occupational
Safety and Health Administration requirements in 29 CFR 1960, 29 CFR
1910, and the Worker Safety and Health Support Annex of the National
Response Plan (Requirement).

(f) Evaluate and independently assess residual risk and determine
whether the risk may be accepted (Requirement).

(2) The Chief, Safety and Mission Assurance is authorized to direct the
suspension of any activity that presents either a present hazard
(imminent danger) or future hazard to people, property, or mission
operations due to unsafe acts or conditions that might be identified by
either inspection or analysis.

d. The Chief Health and Medical Officer is authorized to direct the
suspension of any activity that presents either a present hazard
(imminent danger) or future hazard to people, property, or mission
operations due to unsafe acts or conditions that might be identified by
either inspection or analysis.

e. The Center Directors are responsible for the safety and mission
success of their activities and operations.

(1) To accomplish this, in addition to the responsibilities established
in NPD 1000.3, each Center Director shall--

(e) Apply a process for technical decisions dealing with residual safety
and mission success risk to Center activities and operations that is
consistent with paragraph 1.j, including:

(i) Serving as the risk acceptance/disposition official for residual
safety and mission success risk to Center operations and activities
(Requirement).

(ii) Consenting to take the residual risk on behalf of people exposed
(civil service employees, contractor employees, and visitors) on-site at
the Center and its component facilities (Requirement).

NOTE: For spaceflight and aircraft flight crews, the Center Director
for the Center where the flight crews are employed is responsible for the
flight crew and consents to take the residual risk on behalf of the
flight crews, regardless of the location of the risk. During flight
operations, the consent to take risk may transfer to the vehicle
commander or other designated individual.

(f) Maintain the safe and successful functioning of the Center facilities
and operations (Requirement).

(g) Use lessons learned to improve operations and activities
(Requirement).

(h) Control recurrence of undesired events through a closed-loop
corrective action system (Requirement).

(2) Center Directors are authorized to direct the suspension of any
activity that presents either a present hazard (imminent danger) or
future hazard to people, property, or mission operations due to unsafe
acts or conditions that might be identified by either inspection or
analysis.

f. Program, project, and element managers are responsible for the safety
and mission success of their programs, projects, and elements. Program,
project, and element managers shall--

(1) Establish safety and mission success requirements within their
programs, projects, and elements in conjunction with the designated
Technical Authority (Requirement).

(2) Work with the host Center SMA organization to coordinate/execute SMA
efforts within the program/project/element (Requirement).

(3) Accept any residual safety and mission success risk for activities
within their decision authority for their program/project/element
(Requirement).

g. In cases where there is residual risk to safety and mission success,
the cognizant Technical Authorities (Engineering, SMA, Health/Medical)
shall evaluate and formally approve or concur with the program manager to
accept the risk. (Refer to paragraph 1.j.(1).) (Requirement).

(b) Serve as the Center focal point for the alternative, independent SMA
line of communication (Requirement).

(c) Assure that effective and efficient SMA processes are in place to
enhance the potential for success of NASA programs, projects, elements,
and activities hosted by the Center (Requirement).

(d) Conduct surveillance and independent assessments to enhance (a) the
success of programs, projects, elements, and activities; and (b) the
effectiveness of SMA activities (Requirement). This includes overseeing any SMA activities managed by other organizations, such as
aviation safety, lifting safety, pressure-systems safety, firefighting,
and emergency response.

(e) Review, in coordination with their Center's program, project, and
element personnel, SMA and RM plans for the programs, projects, and
elements at the Center (Requirement).

(f) Perform hazard analyses and SMA assessments in support of program,
project, and element needs (Requirement).

(g) Provide SMA expectations and evaluations to local Center Program
Management Council activities (Requirement).

(h) Evaluate and independently assess safety and mission success
residual risk and determine that the risk may be accepted (Requirement).

(2) Center SMA functional managers are authorized to direct the
suspension of any activity that presents either a present hazard
(imminent danger) or future hazard to people, property, or mission
operations due to unsafe acts or conditions that might be identified by
either inspection or analysis.

i. The Associate Administrator for Institutions and Management is
responsible for the operational safety program at Headquarters.

(1) The Associate Administrator for Institutions and Management shall--

(a) Maintain the safe and successful functioning of Headquarters
facilities and operations (Requirement).

(b) Use lessons learned to improve operations and activities
(Requirement).

(c) Control recurrence of undesired events through a closed-loop
corrective action system (Requirement).

(e) Apply a process for technical decisions dealing with residual safety
and mission success risk to Headquarters activities and operations that
is consistent with paragraph 1.j, including:

(i) Serving as the risk acceptance official for residual safety and
mission success risk to Headquarters operations and activities
(Requirement).

(ii) Consenting to take the residual risk on behalf of people exposed
(civil service employees, contractor employees, and visitors) onsite at
Headquarters (Requirement).

(f) Designate a safety manager to serve as the leader and focal point for
the Headquarters safety activities (Requirement).

(2) The Associate Administrator for Institutions and Management is
authorized to direct the suspension of any activity that presents either
a present hazard (imminent danger) or future hazard to people, property,
or mission operations due to unsafe acts or conditions that might be
identified by either inspection or analysis.

j. Supervisors are responsible for the safety of their assigned
personnel. Supervisors are authorized within the context of their
official duties to direct the suspension of any activity that presents a
present hazard (imminent danger) to their employees.

k. Employees are authorized to cease working any process or operation
they believe to be unsafe and request analysis by a qualified individual.

6. DELEGATION OF AUTHORITY

None.

7. MEASUREMENT/VERIFICATION

Compliance with the requiements conained within this NPD is continuously monitored by the Centers and by the SMA Technical Authority. Compliance may also be verified as part of selected life cycle reviews, and by assessments, reviews, and audits of the requirements and processes defined within this NPD.